Abstract. In the spirit of Diffie-Hellman, the concept of a protocol algebra
is introduced using a certain amalgamated free product of the Braid group (B)
and the Thompson group (T) together with a nilpotent subgroup H of index 2.

1. Introduction

Most of the classical cryptographic schemes use Abelian groups in some way.
In particular, Diffie-Hellman key exchange uses finite cyclic groups. So the term
group based cryptography refers to cryptographic protocols that use infinite
non-Abelian groups such as Braid groups. Braid groups can be used as a
"platform" for a noncommutative cryptographic public key protocol. In this paper,
in the spirit of Diffie-Hellman, a cryptosystem is generated using the amalgamated
free product of Braid groups and Thompson groups amalgamated through a
subgroup H whose commutator subgroup lies in the center of H.

Definition 1.1. The Braid group on $n$ strands, denoted by $B_n$, is a group
which has an intuitive geometrical representation, and in a sense generalizes the
symmetric group $S_n$. The braid group $B_n$ on $n$ strands is generated by $n-1$
generators $x_1, \ldots, x_{n-1}$ satisfying the following relations:

(1) $x_i x_j = x_j x_i$ whenever $|i-j| > 2$;

(2) $x_i x_{i+1} x_i = x_{i+1} x_i x_{i+1}$ for $i = 1, 2, \ldots, (n-2)$.

Remark 1.1. (1) The groups $B_0$ and $B_1$ are trivial.

(2) The group $B_2$ is generated by a single generator $x_1$ and a non-empty set
of relations. In general, if the natural number $n > 1$, then $B_n$ is an infinite
group.

(3) The group $B_n$ for $n > 3$ is a nonabelian group.

$B_n$ is a subgroup of $B_{n+1}$. It can be viewed as consisting of all those braids on
$n+1$ strands in which the bottom strand is horizontal and neither crosses nor
is crossed by any other strand. The simplest way to generalize the notion
to an infinite number of strands is to take the direct limit of Braid groups,
where the attaching maps $f : B_n \to B_{n+1}$ send the $n-1$ generators of $B_n$
to the first $n-1$ generators of $B_{n+1}$ (i.e. by attaching a trivial strand). The
formal union of all the braid groups, i.e. $B = \bigcup_{n=1}^{\infty} B_n$, is sometimes called the
infinite group,
$B = \langle x_1, x_2, \ldots, x_i, \ldots \mid x_i x_j = x_j x_i \text{ whenever } |i-j| > 2 \text{ and } x_i x_{i+1} x_i = x_{i+1} x_i x_{i+1} \rangle$.

Definition 1.2. The Thompson Group
$T = \langle x_0, x_1, x_2, \ldots \mid x_k x_i = x_i x_{k+1}\ (k > i) \rangle$.
This presentation is infinite. There are also finite presentations of Thompson's
group, e.g. $T = \langle x_0, x_1, x_2, x_3, x_4 \mid x_k x_i = x_i x_{k+1}\ (k > i,\ k < 4) \rangle$.

Definition 1.3. If $G$ and $H$ are groups, a word in $G$ and $H$ is a product of
the form $s_1 s_2 \cdots s_n$, where each $s_i$ is either an element of $G$ or an element of
$H$. Such a word may be reduced using the following operations:

• Remove an instance of the identity element (of either $G$ or $H$).

• Replace a pair of the form $g_1 g_2$ by its product in $G$, or a pair $h_1 h_2$ by
its product in $H$.

Every reduced word is an alternating product of elements of $G$ and $H$. For
example: $g_1 h_1 g_2 h_2 \cdots g_k h_k$. The free product $G * H$ is the group whose
elements are the reduced words in $G$ and $H$, under the operation of concatenation
followed by reduction. The free product is always infinite. Suppose that
$G = \langle R_G \mid S_G \rangle$ is a presentation for $G$, where $R_G$ is a set of generators and $S_G$ is
a set of relations. Also $H = \langle R_H \mid S_H \rangle$ is a presentation for $H$, where $R_H$ is a set
of generators and $S_H$ is a set of relations. Then $G * H = \langle R_G \cup R_H \mid S_G \cup S_H \rangle$,
i.e. $G * H$ is generated by the generators for $G$ together with the generators for
$H$, with relations consisting of the relations from $G$ together with the relations
from $H$ (assume here no notational clashes, so that these are in fact disjoint
unions).

Example 1.4. Suppose that $G$ is a cyclic group of order 4, i.e. $G = \langle x \mid x^4 = 1 \rangle$,
and $H$ is a cyclic group of order 5, i.e. $H = \langle y \mid y^5 = 1 \rangle$. Then
$G * H = \langle x, y \mid x^4 = y^5 = 1 \rangle$ is an infinite group.

Definition 1.5. Suppose $G$ has a presentation

$\langle a_1, \ldots, a_n, b_1, \ldots, b_m \mid R(a_k), \ldots, S(b_l), U_1(a_k) = V_1(b_l), \ldots, U_q(a_k) = V_q(b_l) \rangle$

and we have

(1) $A$ is the subgroup of $G$ generated by $a_1, a_2, \ldots, a_n$.

(2) $B$ is the subgroup of $G$ generated by $b_1, b_2, \ldots, b_m$.

(3) $H$ is the subgroup of $A$ generated by $U_1(a_k), \ldots, U_q(a_k)$, where $U_i(a_k)$ is a
word in $a_1, a_2, \ldots, a_n$.

(4) $K$ is the subgroup of $B$ generated by $V_1(b_l), \ldots, V_q(b_l)$, where $V_j(b_l)$ is a
word in $b_1, b_2, \ldots, b_m$.

Then $G$ is called the free product of $A$ and $B$ with the subgroups $H$ and $K$
amalgamated under the mapping $U_i(a_k) \mapsto V_i(b_l)$.

Example 1.6. Consider $G = \langle a, b \mid a^4 = 1, b^6 = 1, a^2 = b^3 \rangle$. The homomorphism
of $G$ into $\langle x \mid x^{12} = 1 \rangle$ given by $a \mapsto x^3$, $b \mapsto x^2$ shows that $a$ and $b$ have
orders four and six respectively. Hence $G$ is the free product of $A$ and $B$ with the
cyclic subgroups $H$ and $K$ of order two of $A$ and $B$ respectively amalgamated
under the mapping $a^2 \mapsto b^3$, where $A = \langle a \mid a^4 = 1 \rangle$ and $B = \langle b \mid b^6 = 1 \rangle$.

Remark 1.2. The free product of groups is a generalization of a free group; 
for a free group is the free product of infinite cyclic groups. Similarly, the free 
product of groups with an amalgamated subgroup is a generalization of the free 
product; for if the subgroup amalgamated is 1, then the free product results. 
2. Fundamental Problems of Dehn

• Word Problem: Given a presentation $(X; R)$ of a group $G$ and an
arbitrary word $W$ in the generators, do we have an algorithm by which
we can decide in a finite number of steps whether $W$ defines the identity
element of $G$ or not?

• Conjugacy Problem: Given a presentation $(X; R)$ of a group $G$ and
two arbitrary words $W_1$, $W_2$ in the generators, do we have an algorithm
by which we can decide in a finite number of steps whether $W_1$ and $W_2$
define conjugate elements of $G$ or not?

The conjugacy problem is even more difficult than the word problem.

• Conjugacy Search Problem: Given a presentation $(X; R)$ of a group
$G$ and the information that $W_1$ and $W_2$ are conjugate in $G$, do we
have an algorithm by which in a finite number of steps we can find a
word $W_3$ such that $W_2 = W_3^{-1} W_1 W_3$?

3. Protocol 

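Consider the braid group
$B = \langle x_1, x_2, \ldots \mid x_i x_j = x_j x_i \text{ whenever } |i-j| > 2 \text{ and } x_i x_{i+1} x_i = x_{i+1} x_i x_{i+1} \rangle$
and the Thompson group $T = \langle y_0, y_1, y_2, \ldots \mid y_k y_i = y_i y_{k+1}\ (k > i) \rangle$.
Let $\{w_i \mid i \in I\}$ and $\{u_i \mid i \in I\}$ be sets of words in $\{x_j\}$ and $\{y_j\}$
respectively. Let $H = \langle w_1, w_2, \ldots, w_n \rangle$ and $K = \langle u_1, u_2, \ldots, u_n \rangle$ be the
subgroups of $B$ and $T$ respectively. Consider

$G = \langle x_1, x_2, \ldots, x_n, \ldots, y_0, y_1, \ldots \mid x_i x_j = x_j x_i \text{ whenever } |i-j| > 2 \text{ and } x_i x_{i+1} x_i = x_{i+1} x_i x_{i+1},\ y_k y_i = y_i y_{k+1}\ (k > i),\ w_1 = u_1, \ldots, w_n = u_n,\ w_i u_j w_i^{-1} u_j^{-1} w_l = w_l w_i u_j w_i^{-1} u_j^{-1} \rangle$

which is the amalgamated free product of $B$ and $T$ with subgroups
$H$ and $K$ of $B$ and $T$ respectively. This is used as a platform group.
The group $G$ and the subgroups $H$ and $K$ are made public.

• Sender computes $A = w_{i_1}^{\epsilon_1} w_{i_2}^{\epsilon_2} \cdots$, where $\epsilon_k = \pm 1$ and $w_{i_k} \in H$, and sends
$(A^{-1} u_1 A, A^{-1} u_2 A, \ldots, A^{-1} u_n A)$ to receiver.

• Receiver computes $B = u_{j_1}^{\delta_1} u_{j_2}^{\delta_2} \cdots$, where $\delta_k = \pm 1$ and $u_{j_k} \in K$, and sends
$(B^{-1} w_1 B, \ldots, B^{-1} w_n B)$ to sender.

• Sender computes $K_1 = (A^{-1} B^{-1} w_1 B A, \ldots, A^{-1} B^{-1} w_n B A)$ and Receiver
computes $K_2 = (B^{-1} A^{-1} u_1 A B, \ldots, B^{-1} A^{-1} u_n A B)$.

Since $B^{-1} A^{-1} u_i A B = A^{-1} B^{-1} (B A B^{-1} A^{-1}) u_i A B$

$= A^{-1} B^{-1} u_i B A$

$= A^{-1} B^{-1} w_i B A$ (from the definition of $G$)

• Their secret key $K = K_1 = K_2$.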

To break the protocol, an adversary needs a solution to the conjugacy search
problem, because $K$ is conjugate to $(A^{-1} u_1 A, A^{-1} u_2 A, \ldots, A^{-1} u_n A)$ and
$(B^{-1} w_1 B, \ldots, B^{-1} w_n B)$. Even if the presented group is known to be a nilpotent
group of class 2, the conjugacy search problem appears to be infeasible and
therefore difficult for an adversary to decrypt. For let $G$ be a nilpotent group
of class 2. Suppose $g$ and $h$ are two conjugate elements, i.e. there exists an
element $u$ such that $g = u^{-1} h u = h h^{-1} u^{-1} h u$. Since $h^{-1} u^{-1} h u$ is an element
of the commutator subgroup and $G$ is a nilpotent group of class 2, $g = h^{-1} u^{-1} h u h =
(uh)^{-1} h (uh)$. Denote $v = uh$; then $g = v^{-1} h v$. This shows that there also exists
an element of $G$ different from $u$ such that $g = v^{-1} h v$, and so on. Therefore
the conjugacy search problem appears to be infeasible in $G$.
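
The key agreement of Section 3 and the class-2 conjugator argument above, as an added Python example that is not from the paper. As assumptions, the Heisenberg group over Z_P (a nilpotent group of class 2) stands in for the amalgamated subgroup H = K, and the modulus P, the generators W and all secret words are constructed values.

```python
# Added illustration, not the paper's code. Assumption: the Heisenberg group
# over Z_P (nilpotent of class 2) stands in for the amalgamated subgroup H = K.
P = 1_000_003  # constructed toy prime modulus

def mul(g, h):
    """Multiply unitriangular matrices [[1,a,c],[0,1,b],[0,0,1]] stored as (a, b, c)."""
    return ((g[0] + h[0]) % P, (g[1] + h[1]) % P, (g[2] + h[2] + g[0] * h[1]) % P)

def inv(g):
    a, b, c = g
    return (-a % P, -b % P, (a * b - c) % P)

def conj(x, g):
    """Return g^{-1} x g."""
    return mul(mul(inv(g), x), g)

def word(gens, exps):
    """Evaluate a word given as [(generator index, +1 or -1), ...]."""
    out = (0, 0, 0)
    for i, e in exps:
        out = mul(out, gens[i] if e == 1 else inv(gens[i]))
    return out

# Public generators w_i, identified with u_i by the amalgamation (constructed).
W = [(1, 0, 0), (0, 1, 0), (2, 3, 5)]

def run_exchange(a_exps, b_exps):
    """Run the exchange; return the sender's key K1 and the receiver's key K2."""
    A = word(W, a_exps)                      # sender's secret word
    B = word(W, b_exps)                      # receiver's secret word
    to_receiver = [conj(u, A) for u in W]    # A^{-1} u_i A
    to_sender = [conj(w, B) for w in W]      # B^{-1} w_i B
    k1 = [conj(x, A) for x in to_sender]     # A^{-1} B^{-1} w_i B A
    k2 = [conj(x, B) for x in to_receiver]   # B^{-1} A^{-1} u_i A B
    return k1, k2

def second_conjugator(h, u):
    """For g = u^{-1} h u, return (g, v, v^{-1} h v) with v = u h as in the text."""
    g, v = conj(h, u), mul(u, h)
    return g, v, conj(h, v)

if __name__ == "__main__":
    k1, k2 = run_exchange([(0, 1), (2, -1), (1, 1), (0, 1)],
                          [(1, -1), (2, 1), (2, 1), (0, -1)])
    print("keys agree:", k1 == k2, k1)
    g, v, g2 = second_conjugator((4, 7, 9), (2, 3, 5))
    print("v = uh also conjugates h to g:", g == g2, v)
```
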
The conjugacy search problem in an amalgamated free product with a subgroup
is more complicated even if the conjugacy search problem can be solved
in B and T and the word problem can be solved in G. Thus the time-complexity
increases in this protocol. It is still an open problem whether the conjugacy
search problems in braid group can be solved in polynomial time by a
deterministic algorithm.